[SOLVED] Lost access to the GUI after SSL certificates deletion

pardub

Oct 7, 2019
Good evening,
I lost access to the GUI Proxmox 6.0.7 after I deleted by mistake the following files: /etc/pve/local/pveproxy-ssl.pem and /etc/pve/local/pveproxy-ssl.key while trying unsuccessfully to use Let's Encrypt.

I then did the following:

Bash:
pvecm updatecerts -f
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts




Bash:
cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
151.80.XX.XX    ns3550000.ip-151-80.eu       ns3550000
# The following lines are desirable for IPv6 capable hosts
#(added automatically by netbase upgrade)
::1     ip6-localhost ip6-loopback
feo0::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts



Bash:
systemctl status -l pve-cluster
● pve-cluster.service - The Proxmox VE cluster filesystem
   Loaded: loaded (/lib/systemd/system/pve-cluster.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-07 19:04:25 UTC; 17min ago
  Process: 20704 ExecStart=/usr/bin/pmxcfs (code=exited, status=0/SUCCESS)
  Process: 20717 ExecStartPost=/usr/bin/pvecm updatecerts --silent (code=exited, status=0/SUCCESS)
 Main PID: 20711 (pmxcfs)
    Tasks: 6 (limit: 4915)
   Memory: 21.8M
   CGroup: /system.slice/pve-cluster.service
           └─20711 /usr/bin/pmxcfs

Oct 07 19:04:24 ns300000 systemd[1]: Starting The Proxmox VE cluster filesystem...
Oct 07 19:04:25 ns300000 systemd[1]: Started The Proxmox VE cluster filesystem.


Bash:
journalctl -u pve-cluster
-- Logs begin at Sat 2019-10-05 18:59:34 UTC, end at Mon 2019-10-07 19:24:21 UTC. --
Oct 07 19:04:23 ns0000000 systemd[1]: Stopping The Proxmox VE cluster filesystem...
Oct 07 19:04:23 ns0000000 pmxcfs[1206]: [main] notice: teardown filesystem
Oct 07 19:04:24 ns0000000 pmxcfs[1206]: [main] notice: exit proxmox configuration filesystem (0)
Oct 07 19:04:24 ns0000000 systemd[1]: pve-cluster.service: Succeeded.
Oct 07 19:04:24 ns0000000 systemd[1]: Stopped The Proxmox VE cluster filesystem.
Oct 07 19:04:24 ns0000000 systemd[1]: Starting The Proxmox VE cluster filesystem...
Oct 07 19:04:25 ns0000000 systemd[1]: Started The Proxmox VE cluster filesystem.


Bash:
systemctl status pveproxy pvedaemon pve-cluster

● pveproxy.service - PVE API Proxy Server
   Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-07 19:00:16 UTC; 25min ago
  Process: 20072 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
 Main PID: 20082 (pveproxy)
    Tasks: 4 (limit: 4915)
   Memory: 123.6M
   CGroup: /system.slice/pveproxy.service
           ├─20082 pveproxy
           ├─23938 pveproxy worker
           ├─23939 pveproxy worker
           └─23940 pveproxy worker

Oct 07 19:25:41 ns300000 pveproxy[23938]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe
Oct 07 19:25:41 ns300000 pveproxy[23931]: worker exit
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23930 finished
Oct 07 19:25:41 ns300000 pveproxy[20082]: starting 1 worker(s)
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23939 started
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23931 finished
Oct 07 19:25:41 ns300000 pveproxy[20082]: starting 1 worker(s)
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23940 started
Oct 07 19:25:41 ns300000 pveproxy[23939]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe
Oct 07 19:25:41 ns300000 pveproxy[23940]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe



How can I retrieve access to the GUI?

Thank you for your help
 
Both /etc/pve/local/pveproxy-ssl.pem and /etc/pve/local/pveproxy-ssl.key are empty ...
I did also

Bash:
 pvecm updatecerts
(re)generate node files
merge authorized SSH keys and known hosts

and

Bash:
 pvecm updatecerts --force

and

Bash:
rm /etc/pve/priv/authkey.key

followed again by

Bash:
pvecm updatecerts --force
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts


but both of those files are still empty.
 
Try removing the files '/etc/pve/local/pveproxy-ssl.pem' and '/etc/pve/local/pveproxy-ssl.key'.
If they exist (even though they are empty), pveproxy will try to read cert+key from there; if they are not there, it will fall back to the certs for cluster communication.

Run `pvecm updatecerts --force` afterwards.

I hope this helps!
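
A pre-restart check for the behaviour described in the answer above, as an added example that is not part of the original post or of Proxmox itself: it reports whether pveproxy will use the fallback certificate, a usable custom pair, or an override that exists but cannot be loaded. The function name `check_pveproxy_cert` and the optional directory argument are assumptions made so the check can be exercised outside a real node.

```bash
#!/bin/sh
# Added example: classify the certificate files pveproxy will pick up.
# Prints one of: fallback | custom | invalid:<reason>
# The directory argument is an assumption for testing; it defaults to the
# path named in the thread.
check_pveproxy_cert() {
    local dir="${1:-/etc/pve/local}"
    local cert="$dir/pveproxy-ssl.pem"
    local key="$dir/pveproxy-ssl.key"
    local f cert_pub key_pub

    # Neither override file exists: pveproxy falls back to the cluster certs.
    if [ ! -e "$cert" ] && [ ! -e "$key" ]; then
        echo "fallback"
        return 0
    fi

    # An override that exists but is empty, or lacks its partner file, is the
    # failure mode from this thread: it is still preferred over the fallback.
    for f in "$cert" "$key"; do
        [ -e "$f" ] || { echo "invalid:missing $(basename "$f")"; return 1; }
        [ -s "$f" ] || { echo "invalid:empty $(basename "$f")"; return 1; }
    done

    # Both files must parse, and the private key must belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "invalid:unparseable certificate"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "invalid:unparseable key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "invalid:key does not match certificate"; return 1; }

    echo "custom"
}
```

Any `invalid:` result means the override files should be fixed or removed before `systemctl restart pveproxy`.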
 
Thanks! It worked out.
 
This really saved me, was doing a deployment in Terraform and deployed the wrong cert to the node.

Quick script to fix it:

rm /etc/pve/local/pveproxy-ssl.pem
rm /etc/pve/local/pveproxy-ssl.key
pvecm updatecerts --force
systemctl restart pveproxy
Perfect, worked a treat!! Thank you